Mass media doesnt seem to get the difference between defacements and haxing.
Generally,defacements involve replacing the landing page of a website with some sort of amateurish looking page with a picture and the name of some “haxing cr3w”.
Depending on the Content Management System, some sites are vulnerable to having their index.php, default.php, or index.html replaced, without getting far into the site, and often, the attacker has no access to much. Hacking, on the other hand involves a haxor getting actually into the deeper part of the website…often, they DON’T deface the front page , because, depending on the goal, they may be planting malware (eg turning the site into a watering hole, that infects all visitors to the site) or making changes to the database, or making other changes, sometimes so subtly that it might not be noticed,
but does destructive events.
So, haxing usually needs a higher level of skill, but defacement, especially with older WordPress sites that have not been updated, are just a matter of using an exploit that has been used time after time by groups like ISIS that are often, merely script kiddies.